[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 13.921934] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. [ 14.323465] random: sshd: uninitialized urandom read (32 bytes read) [ 14.577433] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 15.224486] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts. [ 20.939099] random: sshd: uninitialized urandom read (32 bytes read) 2018/08/29 14:24:55 fuzzer started [ 22.333008] random: cc1: uninitialized urandom read (8 bytes read) 2018/08/29 14:24:57 dialing manager at 10.128.0.26:36683 2018/08/29 14:25:03 syscalls: 1 2018/08/29 14:25:03 code coverage: enabled 2018/08/29 14:25:03 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/08/29 14:25:03 setuid sandbox: enabled 2018/08/29 14:25:03 namespace sandbox: enabled 2018/08/29 14:25:03 fault injection: CONFIG_FAULT_INJECTION is not enabled 2018/08/29 14:25:03 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/08/29 14:25:03 net packed injection: enabled 2018/08/29 14:25:03 net device setup: enabled [ 31.514100] random: crng init done INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes 14:26:45 executing program 0: exit(0x0) r0 = socket$unix(0x1, 0x1, 0x0) r1 = dup(r0) getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000000), &(0x7f0000000140)=0x4) setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000180), 0x4) 14:26:45 executing program 1: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000000c0)) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000800)) sendto$inet6(r0, &(0x7f0000000100)="5051e7789683007d5c78c6e0fd52a3052c95b7cf94e645442d5658fd88690350b5ffbc06e020ae26d07c92578dbd76906b3d0944c2669b6fdb4aa7", 0x3b, 0x0, &(0x7f0000000040)={0xa, 0x4e21, 0x5, @loopback, 0x37}, 0x1c) 14:26:45 executing program 7: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000002740)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c) 14:26:45 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000051cff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000943ffc)=0xa35) r1 = memfd_create(&(0x7f0000000100)='/dev/ptmx\x00', 0x3) timerfd_gettime(r1, &(0x7f0000000140)) read(r0, &(0x7f00003fefff)=""/1, 0x1) r2 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000029000)={0xffffffffffffffff, 0xffffffffffffffff}) mq_open(&(0x7f0000000000)='/dev/ptmx\x00', 0x882, 0x0, &(0x7f0000000040)={0x100000001, 0x0, 0x4, 0x3, 0x400, 0x8000, 0x7ff, 0x9}) readv(r0, &(0x7f0000dcdff0)=[{&(0x7f0000cd8000)=""/1, 0x1}], 0x1) ioctl$TIOCSPGRP(r0, 0x5410, &(0x7f00000000c0)=r2) ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x3e) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000fb9000)) fcntl$setsig(r3, 0xa, 0x12) poll(&(0x7f0000b2c000)=[{r4}], 0x1, 0xfffffffffffffff8) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000080)) r5 = dup2(r3, r4) setsockopt$inet6_buf(r1, 0x29, 0x3b, &(0x7f0000000180)="b7d865f5d093e5854b7c6cb75c5f4dfc338ca8bd7e9cc4ff35ab422fd24dc99712fa3d8ad6db27653157346df041e683dca643000f67d23022d1981b3f82ad5bf9a53494648545e66be1766282c511524759cbbeb217d6677a99f61f1a443fef2bc199ba78613e80b8970a7affb71b0eac8b6279b217c7c09d3ef86299a1f3ed77910c5e019d5787f7dbad782bef095617a510d36e2d80e5d8e35e4a12845e0d2ab9ca84b641bb56f49d6923b2c92d06e0ced8f84926", 0xb6) fcntl$setown(r5, 0x8, r2) tkill(r2, 0x16) 14:26:45 executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f00000000c0)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @rand_addr=0x8001}, 0x10) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f00000001c0), 0x0) setsockopt$sock_int(r0, 0x1, 0x24, &(0x7f0000000140)=0x39a, 0x4) 14:26:45 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000040)="0a5cc80700315f85715070") r1 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)) ftruncate(r1, 0x0) 14:26:45 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x1ff, 0x82) r1 = memfd_create(&(0x7f0000000100)="74086e750000000000000000008c00", 0x0) pwritev(r1, &(0x7f0000000280)=[{&(0x7f0000000140)='\f', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) 14:26:45 executing program 6: exit(0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) write$P9_RSTATu(r0, &(0x7f0000000400)={0x7d, 0x7d, 0x0, {{0x0, 0x5c, 0x0, 0x7ff, {}, 0x0, 0x0, 0x0, 0x0, 0x12, ')trusted+mime_type', 0x12, ')trusted+mime_type', 0x1, '$', 0x4, '-em0'}, 0xc, '\\securitylo('}}, 0x7d) [ 131.259105] IPVS: Creating netns size=2536 id=1 [ 131.324318] IPVS: Creating netns size=2536 id=2 [ 131.361180] IPVS: Creating netns size=2536 id=3 [ 131.392864] IPVS: Creating netns size=2536 id=4 [ 131.426096] IPVS: Creating netns size=2536 id=5 [ 131.475803] IPVS: Creating netns size=2536 id=6 [ 131.541581] IPVS: Creating netns size=2536 id=7 [ 131.606328] IPVS: Creating netns size=2536 id=8 [ 132.026353] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 132.088677] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 132.290646] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 132.343803] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 132.418659] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 132.455645] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 132.465440] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 132.488484] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 132.513339] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 132.525128] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 132.551951] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 132.641649] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 132.693345] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 132.711235] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 132.724267] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 132.745212] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 132.773104] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 132.799099] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 132.825429] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 132.899134] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 132.913443] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 132.931264] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 132.941945] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 132.957673] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 132.969559] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 132.996891] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 133.023104] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 133.036468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 133.044542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 133.070938] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 133.093725] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 133.106805] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 133.114371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 133.147624] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 133.159538] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 133.178740] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 133.192768] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 133.210565] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 133.223095] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 133.254647] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 133.288436] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 133.312938] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 133.324318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 133.335622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 133.358506] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 133.381251] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 133.391230] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 133.405556] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 133.421508] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 133.432975] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 133.443705] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 133.456301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 133.463953] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 133.483604] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 133.505283] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 133.523872] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 133.549264] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 133.557762] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 133.581961] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 133.594878] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 133.602373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 133.621877] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 133.631831] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 133.650802] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 133.664818] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 133.676161] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 133.684500] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 133.693532] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 133.709678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 133.720096] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 133.728889] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 133.737081] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 133.753596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 133.762120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 133.787553] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 133.794957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 133.804264] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 133.812613] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 133.824023] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 133.836275] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 133.843756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 133.855835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 133.863311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 133.870919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 133.878486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 133.887506] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 133.907474] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 133.919373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 133.937499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 133.959112] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 134.035275] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 134.043928] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 134.052001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 134.135728] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 134.142641] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 134.152997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 137.701510] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 137.881107] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 137.923365] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 137.944364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.952918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 137.970431] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 138.012541] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 138.026600] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 138.100557] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 138.110810] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 138.118525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 138.176214] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 138.188355] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 138.195114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 138.201850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 138.219653] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 138.231026] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 138.242805] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 138.253457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 138.269244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 138.276477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 138.376431] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 138.436571] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 138.442681] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 138.450125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 138.548242] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 138.621132] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 138.640285] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 138.648511] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 138.765845] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 138.772362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 138.785327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 14:26:54 executing program 7: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000000)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) recvfrom$unix(r0, &(0x7f0000000600)=""/200, 0xc8, 0x0, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0xfffffffffffffd48) 14:26:54 executing program 5: r0 = socket$unix(0x1, 0x2, 0x0) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000240)) getsockname(r0, &(0x7f0000000180)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000000)=0x80) fcntl$getown(0xffffffffffffffff, 0x9) syncfs(r1) 14:26:54 executing program 7: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020d0000100000000000000500000000030006000200000002000000e004000100000000000000000800120002000200000000007d220000180000000303000000000300000000000000001f03000000160000000301000000000000000000000000000000000000030005000000000002000000e00000010000000000000000"], 0x80}}, 0x0) 14:26:54 executing program 5: exit(0x0) r0 = eventfd2(0xffffffffffff21e3, 0x800) r1 = fcntl$dupfd(r0, 0x0, r0) write$cgroup_pid(r1, &(0x7f0000000080), 0x12) 14:26:54 executing program 7: inotify_init() setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0x3, &(0x7f00000000c0), 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) getpeername(r0, &(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000080)=0x23f) dup3(r1, r2, 0x0) chroot(&(0x7f0000000140)='./file0\x00') setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000040)={@loopback, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x20) 14:26:54 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000080)="0a5cc80700315f85") r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e24}, 0x1c) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) ppoll(&(0x7f0000000000)=[{r1, 0x41a}], 0x1, &(0x7f0000000200)={0x0, r2+30000000}, &(0x7f0000000240), 0x8) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1a) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffff9c, 0xc018620b, &(0x7f0000000140)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffff9c, 0xc018620b, &(0x7f00000001c0)) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) r3 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r3, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}}}, 0x26) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@local, @in, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr, 0x0, 0x2b}, 0x2, @in6=@mcast2}}, 0xe8) 14:26:54 executing program 7: exit(0x0) r0 = socket$unix(0x1, 0x1, 0x0) r1 = dup(r0) setsockopt(r1, 0x0, 0x9, &(0x7f0000000200)='s', 0x1) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f00000001c0)={@mcast2}) 14:26:54 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000180)="0a5cc80700315f85715070") r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) sendmmsg(r2, &(0x7f0000005fc0), 0x800000000000059, 0x0) 14:26:54 executing program 0: 14:26:54 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r1, &(0x7f0000d65000)={&(0x7f0000de2ff4), 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x1c, 0x4000000000003, 0x1, 0xffffffffffffffff, 0x0, 0x0, {}, [@nested={0x8, 0x8, [@typed={0x4}]}]}, 0x1c}}, 0x0) 14:26:54 executing program 0: 14:26:55 executing program 2: 14:26:55 executing program 0: 14:26:55 executing program 4: 14:26:55 executing program 1: 14:26:55 executing program 6: 14:26:55 executing program 3: 14:26:55 executing program 5: 14:26:55 executing program 0: 14:26:55 executing program 4: 14:26:55 executing program 1: 14:26:55 executing program 2: 14:26:55 executing program 7: 14:26:55 executing program 6: 14:26:55 executing program 5: 14:26:55 executing program 7: r0 = socket$inet(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000017000)=0xfffff7fffffffffd, 0x4) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4000000004e20}, 0x10) 14:26:55 executing program 4: r0 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f00000000c0)={0x84, @rand_addr, 0x0, 0x1, 'dh\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) 14:26:55 executing program 1: 14:26:55 executing program 6: 14:26:55 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020d0000100000000000000000000000030006000200000002000000e000000100000000000000020800120002000200000000007d220000180000000303000000000300000000000000001f03000000160000000301000000000000000000000000000000000000030005000000000002000000e00000010000000000000000"], 0x80}}, 0x0) 14:26:55 executing program 1: socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1040248}, 0x2, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYRES16=r0], 0x1}, 0x1, 0x0, 0x0, 0x40}, 0x0) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000240)='/dev/urandom\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000340)='./file0/../file0\x00', 0x0) lremovexattr(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000400)=@known='system.posix_acl_access\x00') ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000140)) ioctl$TIOCCBRK(0xffffffffffffffff, 0x5428) socketpair$inet(0x2, 0x2, 0x1, &(0x7f0000000280)) getrandom(&(0x7f0000000180)=""/40, 0xffffffffffffff59, 0x2) write$UHID_SET_REPORT_REPLY(r0, &(0x7f0000000400)=ANY=[], 0x0) ioctl$RNDADDTOENTCNT(r1, 0x40045201, &(0x7f0000000280)=0x1f) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f0000000440)={0x80, 0x5, 0x7}) 14:26:55 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020d0000100000000000000000000000030006000200000002000000e004000100000000000000000800120002000200000000007d220000180000000303000000000300000000000000001f03000000160000000301000000000000000000000000000000000000030005000000000002000000e00000010000000000000000"], 0x80}}, 0x0) 14:26:55 executing program 3: 14:26:55 executing program 0: 14:26:55 executing program 5: bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1040248}, 0x2, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYRES16=r0], 0x1}, 0x1, 0x0, 0x0, 0x40}, 0x0) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000240)='/dev/urandom\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000340)='./file0/../file0\x00', 0x0) lremovexattr(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000400)=@known='system.posix_acl_access\x00') ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000140)) ioctl$TIOCCBRK(0xffffffffffffffff, 0x5428) socketpair$inet(0x2, 0x2, 0x1, &(0x7f0000000280)) getrandom(&(0x7f0000000180)=""/40, 0xffffffffffffff59, 0x2) write$UHID_SET_REPORT_REPLY(r0, &(0x7f0000000400)=ANY=[], 0x0) ioctl$UI_BEGIN_FF_ERASE(0xffffffffffffffff, 0xc00c55ca, &(0x7f00000001c0)={0x0, 0x0, 0x3}) ioctl$RNDADDTOENTCNT(r1, 0x40045201, &(0x7f0000000280)=0x1f) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f0000000440)={0x80, 0x5, 0x7}) 14:26:55 executing program 4: 14:26:55 executing program 3: 14:26:55 executing program 0: 14:26:55 executing program 7: 14:26:55 executing program 4: 14:26:55 executing program 2: 14:26:55 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x800, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000240)={{{@in6, @in6=@dev}}, {{@in=@rand_addr}, 0x0, @in=@multicast2}}, &(0x7f0000000340)=0xe8) fchmod(r0, 0x20) ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000600)) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, &(0x7f0000000800)) ioctl$KDSKBLED(0xffffffffffffffff, 0x4b65, 0x4) 14:26:55 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000040)="0a5cc80700315f85715070") rt_sigprocmask(0x0, &(0x7f0000a9a000)={0xfffffffffffffffe}, 0x0, 0x8) r1 = memfd_create(&(0x7f0000000000)="2c9908871cde871334bd41ea5c8c6500", 0x0) fallocate(r1, 0x0, 0x0, 0x8000000000003) [ 141.162091] hrtimer: interrupt took 37598 ns 14:26:55 executing program 6: sched_setaffinity(0x0, 0x8, &(0x7f0000000140)) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) fcntl$setstatus(r1, 0x4, 0x80042001) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) sendmmsg(r1, &(0x7f00000002c0), 0x400000000000023, 0x0) dup(r0) 14:26:55 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f00006dc000)=[{0x6, 0x0, 0x0, 0xa1}]}, 0x10) sendto$inet(r0, &(0x7f00000001c0), 0x0, 0x200007fc, &(0x7f0000000200)={0x2, 0x3, @loopback}, 0x10) sendto$inet(r0, &(0x7f00000005c0)="1a8c443d3a568c81cc096aa87ddab0f1b182da383fd71795f41053261e63b0b9f1283f7431b6146106716c21b43625f9194bf4b6a5dba53c46b82862a2f804121cda7e6be8fd507bb1545de629746d878f10be8036e98a270c42d6458f97b342303464e94ccb6d6f4f81941e3f3fa371596cdf17e160c992140c9dc81362f019f017", 0x82, 0x0, &(0x7f0000000500)={0x2, 0x0, @multicast2}, 0x10) readv(r0, &(0x7f0000000480)=[{&(0x7f0000000000)=""/247, 0xf7}], 0x1) recvfrom(r0, &(0x7f0000000380)=""/239, 0xff4e, 0x0, 0x0, 0x307) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='bbr\x00', 0x4) close(r0) 14:26:55 executing program 4: 14:26:56 executing program 4: 14:26:56 executing program 2: 14:26:56 executing program 5: bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) pipe(&(0x7f00000002c0)={0xffffffffffffffff}) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1040248}, 0x2, &(0x7f0000000380)={&(0x7f0000000600)=ANY=[@ANYRES16=r0], 0x1}, 0x1, 0x0, 0x0, 0x40}, 0x0) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000240)='/dev/urandom\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000340)='./file0/../file0\x00', 0x0) lremovexattr(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000400)=@known='system.posix_acl_access\x00') ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000140)) ioctl$TIOCCBRK(0xffffffffffffffff, 0x5428) socketpair$inet(0x2, 0x2, 0x1, &(0x7f0000000280)) getrandom(&(0x7f0000000180)=""/40, 0xffffffffffffff59, 0x2) write$UHID_SET_REPORT_REPLY(r0, &(0x7f0000000400)=ANY=[], 0x0) ioctl$UI_BEGIN_FF_ERASE(0xffffffffffffffff, 0xc00c55ca, &(0x7f00000001c0)={0x0, 0x0, 0x3}) ioctl$RNDADDTOENTCNT(r1, 0x40045201, &(0x7f0000000280)=0x1f) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f0000000440)={0x80, 0x5, 0x7}) 14:26:56 executing program 1: setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000140)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x0, 0x0, "8f928519a52f1c809ce3533457656981daaf932fc39b1e00b311bb3e90d778a5d7834f3008834971ceaad30f16ca5e17ecad50fc4eec5a7c56b8e13675fd07a38c7314dc62e47ebcad055dc222ab48e0"}, 0xd8) r0 = epoll_create1(0x0) fcntl$lock(r0, 0x26, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x7fffffff}) 14:26:56 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$l2tp(0xffffffffffffffff, &(0x7f0000001200)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @multicast1}, 0x0, 0x2}}, 0x2e) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) sendmmsg(r1, &(0x7f0000005fc0)=[{{&(0x7f0000005680)=@sco, 0x80, &(0x7f0000005b00)}}, {{&(0x7f0000005b80)=@l2, 0x80, &(0x7f0000005c40), 0x1f4, &(0x7f0000005c80), 0x3a00}}], 0x3e8, 0x0) 14:26:56 executing program 6: exit(0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r1 = epoll_create1(0x0) dup3(r0, r1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x4) 14:26:56 executing program 0: exit(0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) write$P9_RGETATTR(r0, &(0x7f0000007740)={0xa0}, 0xfffffffffffffea3) 14:26:56 executing program 7: 14:26:56 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000100)=ANY=[@ANYBLOB="020a000007000000000000000000000005001a00fe800000000000000000002d7b0000bbfe80000000000000000000000000000000000200"], 0x38}}, 0x0) 14:26:56 executing program 7: sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x40000000000009) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x80042001) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x400000000000023, 0x0) 14:26:56 executing program 2: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(&(0x7f0000018000)='./file0\x00', &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='ramfs\x00', 0x50, &(0x7f000000a000)) r0 = creat(&(0x7f0000df1000)='./file0/bus\x00', 0xbc9dc8fbd81cb4b1) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) unshare(0x40600) r2 = gettid() write$P9_RSYMLINK(r0, &(0x7f0000000000)={0x14}, 0x14) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000fd7000)) timer_settime(0x0, 0x0, &(0x7f0000d07000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) tkill(r2, 0x1000000000016) r3 = creat(&(0x7f00001d3ff4)='./file0/bus\x00', 0x0) dup2(r3, r0) 14:26:56 executing program 1: flock(0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ioctl$KDSKBMETA(0xffffffffffffffff, 0x4b63, &(0x7f00000001c0)=0x4) writev(r0, &(0x7f0000000480)=[{&(0x7f00000002c0)}], 0x1) pipe(&(0x7f00000005c0)) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4a, &(0x7f0000000a80)=""/83) [ 141.941365] ================================================================== [ 141.948808] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x1838/0x1b80 [ 141.955296] Read of size 8 at addr ffff8801cc0a6b58 by task syz-executor3/7046 [ 141.962992] [ 141.964622] CPU: 1 PID: 7046 Comm: syz-executor3 Not tainted 4.9.124-g09eb2ba #31 [ 141.972233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 141.981584] ffff880196e87540 ffffffff81eb95e9 ffffea0007302980 ffff8801cc0a6b58 14:26:56 executing program 1: 14:26:56 executing program 1: [ 141.989676] 0000000000000000 ffff8801cc0a6b58 0000000000000040 ffff880196e87578 [ 141.997766] ffffffff8156c35e ffff8801cc0a6b58 0000000000000008 0000000000000000 [ 142.005871] Call Trace: [ 142.008455] [] dump_stack+0xc1/0x128 [ 142.013829] [] print_address_description+0x6c/0x234 [ 142.020557] [] kasan_report.cold.6+0x242/0x2fe [ 142.026785] [] ? ip6_xmit+0x1838/0x1b80 [ 142.032407] [] __asan_report_load8_noabort+0x14/0x20 14:26:56 executing program 1: 14:26:56 executing program 1: [ 142.039152] [] ip6_xmit+0x1838/0x1b80 [ 142.044602] [] ? kasan_slab_free+0x72/0xc0 [ 142.050490] [] ? kfree+0xfb/0x310 [ 142.055592] [] ? skb_free_head+0x8b/0xb0 [ 142.061301] [] ? pskb_expand_head+0x45f/0x930 [ 142.067437] [] ? ip6_finish_output2+0x1d00/0x1d00 [ 142.073962] [] ? trace_hardirqs_on+0x10/0x10 [ 142.080016] [] ? __lock_is_held+0xa2/0xf0 [ 142.085810] [] ? ipv4_dst_check+0x111/0x160 14:26:56 executing program 1: [ 142.091779] [] ? __sk_dst_check+0x114/0x240 [ 142.097751] [] inet6_csk_xmit+0x27c/0x4d0 [ 142.103546] [] ? inet6_csk_xmit+0xff/0x4d0 [ 142.109423] [] ? inet6_csk_update_pmtu+0x160/0x160 [ 142.116061] [] ? check_preemption_disabled+0x3b/0x170 [ 142.122901] [] l2tp_xmit_skb+0xc45/0xf30 [ 142.128607] [] pppol2tp_sendmsg+0x4e0/0x790 [ 142.134574] [] ? selinux_socket_sendmsg+0x3f/0x50 14:26:56 executing program 1: [ 142.141061] [] ? pppol2tp_release+0x2e0/0x2e0 [ 142.147206] [] sock_sendmsg+0xcc/0x110 [ 142.152742] [] ___sys_sendmsg+0x47a/0x840 [ 142.158535] [] ? copy_msghdr_from_user+0x560/0x560 [ 142.165107] [] ? trace_hardirqs_on+0x10/0x10 [ 142.171162] [] ? check_preemption_disabled+0x3b/0x170 [ 142.177998] [] ? __fget+0x20a/0x3b0 [ 142.183270] [] ? __fget_light+0x169/0x1f0 [ 142.189058] [] ? __fdget+0x18/0x20 [ 142.194246] [] __sys_sendmmsg+0x161/0x3d0 [ 142.200051] [] ? SyS_sendmsg+0x50/0x50 [ 142.205580] [] ? ip6_datagram_connect+0x3a/0x50 [ 142.211905] [] ? inet_dgram_connect+0x11e/0x200 [ 142.218218] [] ? fput+0xd2/0x140 [ 142.223232] [] ? SYSC_connect+0x22a/0x300 [ 142.229484] [] ? SYSC_bind+0x280/0x280 [ 142.235038] [] ? SyS_futex+0x206/0x310 [ 142.240571] [] ? do_futex+0x17c0/0x17c0 [ 142.246190] [] ? SyS_socket+0x121/0x1b0 [ 142.251807] [] ? move_addr_to_kernel+0x50/0x50 [ 142.258030] [] SyS_sendmmsg+0x35/0x60 [ 142.263480] [] ? __sys_sendmmsg+0x3d0/0x3d0 [ 142.269456] [] do_syscall_64+0x1a6/0x490 [ 142.275171] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 142.282085] [ 142.283714] Allocated by task 0: [ 142.287075] (stack is not available) [ 142.290777] [ 142.292395] Freed by task 0: [ 142.295396] (stack is not available) [ 142.299090] [ 142.300725] The buggy address belongs to the object at ffff8801cc0a6b40 [ 142.300725] which belongs to the cache ip_dst_cache of size 216 [ 142.313456] The buggy address is located 24 bytes inside of [ 142.313456] 216-byte region [ffff8801cc0a6b40, ffff8801cc0a6c18) [ 142.325260] The buggy address belongs to the page: [ 142.330167] page:ffffea0007302980 count:1 mapcount:0 mapping: (null) index:0x0 [ 142.338409] flags: 0x8000000000000080(slab) [ 142.342708] page dumped because: kasan: bad access detected [ 142.348424] [ 142.350028] Memory state around the buggy address: [ 142.354933] ffff8801cc0a6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 142.362266] ffff8801cc0a6a80: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc [ 142.369599] >ffff8801cc0a6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 142.376932] ^ [ 142.383144] ffff8801cc0a6b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 142.390486] ffff8801cc0a6c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 142.397828] ================================================================== [ 142.405158] Disabling lock debugging due to kernel taint [ 142.410657] Kernel panic - not syncing: panic_on_warn set ... [ 142.410657] [ 142.418029] CPU: 1 PID: 7046 Comm: syz-executor3 Tainted: G B 4.9.124-g09eb2ba #31 [ 142.426849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 142.436187] ffff880196e874a0 ffffffff81eb95e9 ffffffff843c828b 00000000ffffffff [ 142.444222] 0000000000000000 0000000000000001 0000000000000040 ffff880196e87560 [ 142.452205] ffffffff81423eb5 0000000041b58ab3 ffffffff843bb8e8 ffffffff81423cf6 [ 142.460218] Call Trace: [ 142.462793] [] dump_stack+0xc1/0x128 [ 142.468147] [] panic+0x1bf/0x3bc [ 142.473139] [] ? add_taint.cold.6+0x16/0x16 [ 142.479085] [] kasan_end_report+0x47/0x4f [ 142.484863] [] kasan_report.cold.6+0x76/0x2fe [ 142.490993] [] ? ip6_xmit+0x1838/0x1b80 [ 142.496595] [] __asan_report_load8_noabort+0x14/0x20 [ 142.503323] [] ip6_xmit+0x1838/0x1b80 [ 142.508749] [] ? kasan_slab_free+0x72/0xc0 [ 142.514609] [] ? kfree+0xfb/0x310 [ 142.519687] [] ? skb_free_head+0x8b/0xb0 [ 142.525382] [] ? pskb_expand_head+0x45f/0x930 [ 142.531511] [] ? ip6_finish_output2+0x1d00/0x1d00 [ 142.537981] [] ? trace_hardirqs_on+0x10/0x10 [ 142.544014] [] ? __lock_is_held+0xa2/0xf0 [ 142.549791] [] ? ipv4_dst_check+0x111/0x160 [ 142.555739] [] ? __sk_dst_check+0x114/0x240 [ 142.561726] [] inet6_csk_xmit+0x27c/0x4d0 [ 142.567530] [] ? inet6_csk_xmit+0xff/0x4d0 [ 142.573413] [] ? inet6_csk_update_pmtu+0x160/0x160 [ 142.579972] [] ? check_preemption_disabled+0x3b/0x170 [ 142.586788] [] l2tp_xmit_skb+0xc45/0xf30 [ 142.592492] [] pppol2tp_sendmsg+0x4e0/0x790 [ 142.598445] [] ? selinux_socket_sendmsg+0x3f/0x50 [ 142.604945] [] ? pppol2tp_release+0x2e0/0x2e0 [ 142.611074] [] sock_sendmsg+0xcc/0x110 [ 142.616587] [] ___sys_sendmsg+0x47a/0x840 [ 142.622367] [] ? copy_msghdr_from_user+0x560/0x560 [ 142.628943] [] ? trace_hardirqs_on+0x10/0x10 [ 142.635015] [] ? check_preemption_disabled+0x3b/0x170 [ 142.641862] [] ? __fget+0x20a/0x3b0 [ 142.647113] [] ? __fget_light+0x169/0x1f0 [ 142.652886] [] ? __fdget+0x18/0x20 [ 142.658054] [] __sys_sendmmsg+0x161/0x3d0 [ 142.663895] [] ? SyS_sendmsg+0x50/0x50 [ 142.669411] [] ? ip6_datagram_connect+0x3a/0x50 [ 142.675712] [] ? inet_dgram_connect+0x11e/0x200 [ 142.682014] [] ? fput+0xd2/0x140 [ 142.687012] [] ? SYSC_connect+0x22a/0x300 14:26:57 executing program 5: [ 142.692785] [] ? SYSC_bind+0x280/0x280 [ 142.698299] [] ? SyS_futex+0x206/0x310 [ 142.703813] [] ? do_futex+0x17c0/0x17c0 [ 142.709421] [] ? SyS_socket+0x121/0x1b0 [ 142.715038] [] ? move_addr_to_kernel+0x50/0x50 [ 142.721266] [] SyS_sendmmsg+0x35/0x60 [ 142.726729] [] ? __sys_sendmmsg+0x3d0/0x3d0 [ 142.732731] [] do_syscall_64+0x1a6/0x490 [ 142.738443] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 142.745744] Dumping ftrace buffer: [ 142.749265] (ftrace buffer empty) [ 142.752948] Kernel Offset: disabled [ 142.756547] Rebooting in 86400 seconds..